CSA STAR: The Future of Cloud Trust and Assurance

CSA STAR is the industry’s most powerful program for security assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards. STAR certification provides multiple benefits, including indications of best practices and validation of security posture of cloud offerings.

STAR consists of three levels of assurance, which currently cover four unique offerings all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA’s Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing.

The STAR program includes a complimentary registry that documents the security controls provided by popular cloud computing offerings. This publicly accessible registry is designed for users of cloud services to assess their cloud providers, security providers and advisory and assessment services firms in order to make the best procurement decisions.

CSA STAR is based upon two key research components of the CSA GRC Stack:

The Consensus Assessments Initiative Questionnaire (CAIQ) - Based upon the CCM, the CAIQ provides a set of Yes/No questions that a cloud consumer or cloud auditor may wish to ask a cloud provider to ascertain its compliance with the Cloud Controls Matrix and CSA best practices.

LEVEL TWO: CSA STAR Attestation

CSA STAR Attestation is a collaboration between CSA and the AICPA to provide guidelines for CPAs to conduct SOC 2 engagements using criteria from the AICPA (Trust Service Principles, AT 101) and the CSA Cloud Controls Matrix. STAR Attestation provides for rigorous, independent third-party assessments of cloud providers.

LEVEL TWO: CSA STAR Certification

The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2005 management system standard together with the CSA Cloud Controls Matrix.

LEVEL TWO: CSA C-STAR Assessment

The CSA C-STAR Assessment is a robust, independent third-party assessment of the security of a cloud service provider for the Greater China market that harmonizes CSA best practices with Chinese national standards. C-STAR leverages the requirements of the GB/T 22080-2008 management system standard together with the CSA Cloud Controls Matrix, plus 29 related controls selected from GB/T 22239-2008 and GB/Z 28828-2012.

LEVEL THREE: CSA STAR Continuous Monitoring

Currently under development, CSA STAR Continuous Monitoring enables automation of the current security practices of cloud providers. Providers publish their security practices according to CSA formatting and specifications, and customers and tool vendors can retrieve and present this information in a variety of contexts.

Key Links & Resources

The CSA STAR Program is a publicly accessible registry designed to recognize the varying assurance requirements and maturity levels of providers and consumers, and is used by customers, providers, industries and governments around the world.

Add your Service to the CSA STAR Registry

CSA STAR is open to all Cloud Providers

Eligibility for listing on the STAR Registry requires an official and authorized submission of one or more documents asserting compliance to CSA-published best practices. The registry is intended to allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences.

Companies can be listed on the STAR Registry by submitting their STAR Self-Assessment (Level 1) and/or their Third Party based certification (Level 2).

Submitting Reports to CSA is Simple

Fill out the form below and attach any supporting security control documents. For assistance with Level 2 requests, please contact us at [email protected].

When you are finished, click the “Submit my Entry” button. We will review your submission for accuracy and follow up via email to verify. If you have questions about your submission, please contact [email protected].

CSA STAR Registry Terms and Conditions

Your submission is subject to the CSA STAR Terms and Conditions. We encourage you to review these Terms and Conditions, which govern your use of the CSA STAR Registry.

STAR Registry Entry Submission

Notice: All of the fields in this form are required.

Contact Name

Contact Email

Billing Contact

Billing Address

Organization

Organization Name

Organization Public Email

Organization Website

Organization Description

Cloud Service

Cloud Service Name

Cloud Service Website

Cloud Service Description

Supporting Security Control Document(s)

STAR Registry Entry Type

For Level 2 Certification and C-STAR, it is mandatory to attach the STAR Entry Template. CSA recommends also attaching the STAR Certification or C-STAR Certificate. The Audit report should NOT be submitted.

For Level 2 Attestation ONLY, the STAR Entry Template is required. The Audit report should NOT be submitted.

Attach your File(s)

Types permitted: pdf, txt, xls, xlsx, doc, docx, zip, ods

Primary Document

Supporting Document (optional)

Proof of Purchase (if applicable)

I have a pre-existing STAR Registry Entry and would like to attach this submission to my pre-existing entry.

By submitting this form, I agree to the STARWatch Terms and Conditions and the Cloud Security Alliance Website Terms and Conditions.
